This course is an advanced and practical approach to the methodologies used in intrusion into corporate networks. We emphasize the technical understanding and practical application of the different forms of existing attacks. The objective is to provide you with the technical skills necessary to perform security audits (penetration tests), judging for yourself the criticality and the real impact of the vulnerabilities discovered on the IS.
In particular, the objectives of the training are as follows:
• Windows / Linux Administration / Using Linux from the TCP / IP Command Line
• Code : HSA
• schedule : 5 Days
• Horaires : 8h30 - 17h30
• place : training center, Center Urbain Nord
• Course materials
• 40% demonstration
• 40% of theory
• 20% practical exercises
• TCP / IP / Hardware Network Recall
• Protos / OSI - IP addressing
• Vocabulary
• BDD of Vulnerabilities and Exploits
• Public information
• Search engine
•Active information taking
• Enumeration of machines
• Acquisition of the operating system
•Impression taking of services
• Idle Host Scanning
• Sniffing réseau
•Hijacking
• Attacks on secure protocols
•Denial of service
• Spoofing réseau
• Vulnerability scanner
• Exploitation of a remote vulnerable service
• Privilege escalation
• Spy system
• Attacks via malware
• Malware generation via Metasploit
• Control EIP
• Encoding payloads
•Detection method
• Site mapping and identification of information leaks
• FPHP flaws (include, fopen, upload etc.)
• SQL Injections
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
- Good practices
• Escape Shell
• Buffer overflow sous Linux
• Intel x86 architecture
• The registers
• The battery and its operation
• Presentation of standard attack methods
•Overwriting variables
• Control EIP
• Run a shellcode
•Take control of the system as a root user
• Putting into practice the knowledge acquired during the week on a final TP
Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.